Students as Cheaters

Via Inside Higher Ed: “About 6 percent of students who took an online final exam proctored by Examity last fall broke the rules. … Most of the attempts to cheat came in the form of a cheat sheet (21 percent) or using Google to look up answers or translations (14 percent).”

Interesting verb choice in this headline: “Sophisticated test scams from China invade U.S. college admissions.” And the subhead: “Students hire imposter ‘gunmen’ to take the SAT, the GRE and other tests.”

Breaches and Vulnerabilities

When Evernote updated its privacy policy, the new terms said that the company’s employees would be able to read people’s notes in order to improve its “machine learning.” Needless to say, folks were upset, and despite insisting it wasn’t a big deal at first, the company has now changed its mind. You’ll have to opt-in to having your notes perused.

Speaking of cybercrime, you know it’s bad when hackers use ransomware to attack San Francisco’s public transit system. Good thing all the technologists in the vicinity are out there solving the world’s most pressing problems.

Via Inside Higher Ed: “The FBI and the United States Attorney for the Southern District of New York on Wednesday announced the arrest of a Phoenix-based man who attempted to gain access to more than 2,000 university email accounts at more than 75 colleges and universities.”

“Pop star tells fans to send their Twitter passwords, but it might be illegal,” says Ars Technica. Illegal or not, this is such a dumb idea. “#HackedByJohnson entices young fans so he can post cute messages in their name.”

“How Minecraft undermined my digital defences,” by the BBC’s Mark Ward. (A pretty important read on security and privacy for parents/users of Minecraft.)

Data Standards

Ed-Fi and IMS Global announced a partnership, Edsurge reports, “to work towards creating a ‘unified approach to rostering.’”

The Ed-Fi Alliance and IMS Global Learning Consortium have announced their plans to develop “a single, unified approach for rostering across the most adopted K–12 data standards and have now further solidified their joint support for IMS OneRoster™ as the cross-industry rostering API.” Hooray. Trademarked standards.

Privacy Legislation and Lawsuits

Via The Oregonian: “Two former University of Oregon Counseling & Testing Center employees, who blew the whistle on a superior they said accessed an alleged rape victim’s health records without her consent, settled a lawsuit with the school.”

“A bill designed to strengthen the privacy and security of student educational data continued down its apparently smooth path to passage Wednesday, winning unanimous Senate Education Committee approval,” Chalkbeat reports. Lest you think this is a story about federal legislation and that DC gridlock is over, to be clear, this is a measure in the state of Colorado.

Proposed legislation before Georgia’s General Assembly would “require schools to provide certain information to students and parents prior to using any digital-learning platform; to provide for definitions; to provide for destruction of student data collected through a digital-learning platform; to provide the opportunity to opt out; to provide for legislative findings; to provide for related matters; to repeal conflicting laws; and for other purposes.”

Via Chalkbeat: “A Colorado mom asked for records about her son. The school district billed her $567.” Yay, FERPA.

Education Technology, Data Collection, and Infosec

Apple released a preview of features that will appear in iOS9.3 and that will help schools manage devices more easily. More via Edsurge.

Apple has acquired LearnSprout, a company that initially worked on API- and SIS-integration tools (but that had recently pivoted to an analytics dashboard). Edsurge surmises that the acquisition will help Apple with new iOS features that promise to better integrate devices and apps into school administrative tools.

Via The New York Times: “Who’s Too Young for an App? Musical.ly Tests the Limits.” (Once upon a time, Musical.ly was an ed-tech startup.)

I’m sticking this here in the surveillance section as it crosses the line into creepy. Via Campus Technology: “MIT Teaches Wireless Routers to Know How You’re Feeling.”

Via Buzzfeed: “We Looked Inside Yale’s Admissions Files And Found How They Talk About Applicants.”

Meanwhile, over at Edsurge: “A Small Liberal Arts School Becomes a Testing Ground for the ‘Facebook of Learning Management Systems’.”

Via The New York Times: “Public Advocate Letitia James has sued the New York City Education Department, saying a $130 million computer system meant to track services for students with disabilities was a failure.”

And I guess that’s why I’m a little skeptical about professors clamoring to be on “the watchlist.” A better tactic, I’d argue, is to make sure your department and institution have concrete steps they’ll take in order to protect academic freedom and – quite literally – protect academics’ lives when these sorts of threats occur.

The EFF points out “Loopholes and Flaws in the Student Privacy Pledge.” The Future of Privacy Forum responds: “Student Privacy Pledge Loopholes? Nope. We Did Our Homework.” Did you know that the Future of Privacy Forum is financially backed by AT&T, Comcast, Facebook, and Google? Did you know that its run by Jules Polonetsky, who used to run DoubleClick, Google’s ad service? (I did. I did my homework.)

Via The Chronicle: “UC Berkeley faculty members are buzzing over news that University of California President Janet Napolitano ordered the installation of computer hardware capable of monitoring all e-mails going in and out of the UC system. ‘The intrusive device is capable of capturing and analyzing all network traffic to and from the Berkeley campus and has enough local storage to save over 30 days of all this data,’ Ethan Ligon, one of six members of the school’s Senate-Administration Joint Committee on Campus Information Technology, wrote in an e-mail Thursday to fellow faculty members.”

Via Inside Higher Ed: “The faculty of the Graduate School at Rutgers University in New Brunswick took a stand against Academic Analytics on Tuesday, resolving that administrators shouldn’t use proprietary information about faculty productivity in decisions about divvying up resources among departments, or those affecting the makeup of the faculty, graduate teaching assignments, fellowships and grant writing. They also demanded to view their personal data profiles by Sept. 1.”

“Officials are backing away from a controversial rule allowing Minnesota’s state colleges and universities to examine the personal cellphones of their employees,” The Star Tribune reports.

According to the AP, “a Tampa, Florida, middle school teacher has been suspended after parents complained that she gave students a questionnaire on personal information including their sexual orientation, gender identity and religion.”

Social Media Monitoring

Via The Guardian: “Facebook, Twitter, Google and Microsoft team up to tackle extremist content.”

The companies are to create a shared database of unique digital fingerprints – known as “hashes” – for images and videos that promote terrorism. This could include recruitment videos or violent terrorist imagery or memes. When one company identifies and removes such a piece of content, the others will be able to use the hash to identify and remove the same piece of content from their own network.

Via The Verge: “The FBI just got its hands on data that Twitter wouldn’t give the CIA.” Good thing @jack’s so woke.

The privacy-violating hashtag #whatIwishmyteacherknew has been turned into a book, so that the teacher behind this can profit from her students’ struggles. So unbelievably gross. Here’s a different example of ownership (and the surrender of ownership) of students’ stories via the Star Tribune: “Retired Minn. teacher’s final assignment: Giving back his students’ stories. Richard Roach retired from teaching 23 years ago, but he’s still passing back ”autobiographies“ he assigned decades ago.”

Via ESPN: “Ole Miss officials have determined that a text message conversation published to Miami Dolphins rookie Laremy Tunsil’s Instagram account during the NFL draft did happen last year, sources told ESPN’s Outside the Lines, but the school is still looking into whether the messages were altered before they were published.” The Instagram photo showed Tunsil asking Ole Miss’s athletic director for help paying his rent and his mom’s utility bill. It was one of two social media messages – the other a Twitter photo of Tunsil smoking marijuana through a gas mark – that were posted during the NFL draft.

Via The Intercept: “The CIA Is Investing in Firms That Mine Your Tweets and Instagram Photos.”

Via the EFF: “Tech Companies, Fix These Technical Issues Before It’s Too Late.” “If a tech product might be co-opted to target a vulnerable population, now is the time to minimize the harm that can be done.” Education technology companies. Get your shit together now.

The Tor Project still has not been able to get an answer as to whether or not Carnegie Mellon University worked with the FBI in order to de-anonymize the Tor browser’s users.

Coffee shops in the UK that run Wi-Fi networks might have to store internet data under new snooping laws, The Guardian reports.

“The UK government’s National Pupil Database has already been used to combat ‘abuse of immigration control’ – despite ministerial assurances that the collection of pupils’ nationality will not be passed to the border officials,” The Register reports. The Guardian has more details.

Via Bloomberg: “Secret Cameras Record Baltimore’s Every Move From Above.”

The FBI has requested that Apple provide a back door to bypass device security. CEO Tim Cook has responded with “ A Message to Our Customers.” (Elsewhere, via The Daily Dot: “ Minorities and women largely shut out of encryption debate.”)

Via Schools Week: “While the compulsory retention of every website visit for every person in the UK was recently debated and passed in the House of Commons in the Investigatory Powers Bill, the plans for statutory surveillance of every child’s Internet use, in schools and at home, has gone unnoticed.”

Researchers at Purdue’s Visual Analytics for Command, Control and Interoperability Environments, or VACCINE, a US Department of Homeland Security center based at the university – uh, nice acronym – have created a system that “could let law enforcement and public safety agencies tap into thousands of cameras in places like parking garages, college campuses, national parks, and highways.”

Surveillance Toys

“Talking Dolls May Spread Children’s Secrets, Privacy Groups Allege,” The Wall Street Journal reports. Buzzfeed has more on the FTC complaint filed over the My Friend Cayla doll and the I-Que robot: these toys “collect personal information from children and send it to a software company that contracts with military and intelligence agencies.”

VTech has acquired Leapfrog for $72 million. And a lot of publications that wrote up the press release failed to talk about VTech’s recent privacy breach. But hey. (More on VTech in the data and privacy section below.)

“Even Barbie gets a smart home and a drone in 2016,” says Mashable. Surveillance Barbie. What could possibly go wrong?

The privacy news site PogoWasRight.org has filed an FTC complaint against uKnowKids, a business that claims to monitor children online.

ToyTalk, maker of the Hello Barbie surveillance doll, is rebranding as PullString, according to Techcrunch. (Heh.) The company is pivoting away from surveillance toys (ostensibly) and will now make a scripting platforms for bots, hopping on to the latest Silicon Valley craze. I mean, not that surveillance still isn’t part and parcel of what Silicon Valley is promoting. But bots!

And again, Motherboard Vice: “Nintendo’s Charming ‘Miitomo’ Could Be the Most Brilliant Data Mining App Ever.” (To which I extend congratulations. Because up ’til now, MOOCs were the most brilliant data mining app ever.)

Via Reuters: “Uber Technologies Inc on Tuesday released its first ever transparency report detailing the information requested by not only U.S. law enforcement agencies, but also by regulators. The ride-sharing company said that between July and December 2015, it had provided information on more than 12 million riders and drivers to various U.S. regulators and on 469 users to state and federal law agencies.” Uber provided data to the government in almost every case in which it was requested.

Via The Guardian: “Facebook’s new app for teens is ‘always public and viewable by everyone’.”

“Google aims to kill passwords by the end of this year,” says The Guardian. The notion of biometrics instead of passwords is a terrible idea, and let’s hope it never comes to Google Apps for Education where schools will love it (at the expense of student and staff privacy, of course).

Yik Yak and Anonymity

The EFF has sent a letter to the Department of Education asking it “to protect university students’ right to speak anonymously online, warning that curtailing anonymous speech as part of anti-harassment regulations would not only violate the Constitution but also jeopardize important on-campus activism.”

“Yik Yak tries to make a comeback with launch of private chat,” reports Techcrunch’s Sarah Perez. The anonymous messaging app has seen no significant growth in the past year – but it’s seen plenty of negative PR about the impact it’s had on campuses.

Inside Higher Ed reports that “Several civil liberties and academic freedom organizations have sent the U.S. Education Department a letter urging it to avoid decisions or policies that would punish colleges that do not ban Yik Yak.”

“Yik Yak asks users to create user names in a step away from anonymity,” The Verge reports. What could possibly go wrong?

Via The Washington Post: “The U.S. Education Department’s new planned system of records that will collect detailed data on thousands of students – and transfer records to private contractors – is being slammed by experts who say there are not adequate privacy safeguards embedded in the project.”